<?php session_start();
if (!isset($_SESSION['Username'])) {
                header("location:login.php");
        }
 ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add/Remove Vendors</title>
<link href="css/default.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="scripts/rand_password.js"></script>
<?php include('includes/path.php'); ?>

</head>

<body class="oneColFixCtrHdr">
<div id="container">
<?php include( 'includes/header.php' ); ?>
<?php include( 'includes/menu.php' ); ?>
<?php include ('includes/status.php'); ?>
  <div id="mainContent">
      
       <?php
	// This file inserts the following
	// variables: USER, PASS, DB
	include('db.php');

    ?>
     <form action="addvendor.php" method="post" enctype="multipart/form-data" name="addvendor" target="_parent">
      <?php
	   	if(isset($_SESSION['manager']) && $_SESSION['manager']) 
		{
			$TABLE = "Vendors";
			$ROW_NUMBER = 0;

			$CON = mysql_connect( $HOST, $USER, $PASS );

			if (!$CON)
			  {
					  die('Could not connect: ' . mysql_error());
			  }
			
			mysql_select_db( $DB );
			
			$input = (isset($_POST['vendors']) ? htmlspecialchars($_POST['vendors']) : '');
			$row1 = mysql_fetch_assoc( mysql_query( "SELECT vendor_id FROM Vendors ORDER BY vendor_id DESC LIMIT 1" ) );
			$number = $row1['vendor_id'] +1;  
			
			$input3 = (isset($_POST['numberOfRows']) ? htmlspecialchars($_POST['numberOfRows']) : '');
			while($input3>0)
			{
				$input3 --;
				$tmp = (isset($_POST[$input3]) ? htmlspecialchars($_POST[$input3]) : '');
				if(Empty($tmp)) ;
				else 
				{
					mysql_query("DELETE from Vendors where(vendor_id) = $tmp  ");
					mysql_query("DELETE from Parts where(vendor_id) = $tmp  ");
				}
			}
			
			if(Empty($input)) ;
			else mysql_query("INSERT INTO Vendors (vendor_id, company_name) VALUES ($number, '$input')");
				
	 
			$QRY = 'SELECT * FROM  Vendors ORDER BY vendor_id ASC';
			echo '<table style="width: 50%; border: 5px #aba groove;" align="center">';
			echo '<tr style="background-color: #77C48E;" align = "center"><th colspan=3>Current Vendors</th></tr>';
			echo '<tr style="background-color: #D6B376;">
				<th style="text-align: center;">Vendor ID</th>
				<th style="text-align: center;">Vendor Name</th>
				<th style="text-align: center; width: 50px">Remove</th>
			</tr>';
		   $RESULT = mysql_query($QRY);
		   while($ROW = mysql_fetch_array($RESULT))
			{
					echo '<tr style="background-color: #';
					if ( $ROW_NUMBER % 2 ){ echo 'FFF;"'; }
					else { echo 'DEDEDE;"'; }
					echo '><td style="text-align: center">' . $ROW['vendor_id'] . '</td>
					<td style="text-align: center">' . $ROW['company_name'] . '</td>
					<td style="text-align: center"><input type="checkbox" name="'.$ROW_NUMBER.'" value="'.$ROW['vendor_id'].'"/></td></tr>';
			$ROW_NUMBER++;
			}
			echo '<input type="hidden" name="numberOfRows" value="'.$ROW_NUMBER.'">';
	   
			
			
			 echo '<tr><td></td>
				<td style="text-align: center;"><input type="submit" value="Remove Selected Vendors"></td></tr>';
			echo '</table>';
			
			
			echo "<hr>";
			
			mysql_close($CON);


			echo'</form><div  align ="center"><form action="addvendor.php" method="POST" enctype="multipart/form-data" name="addvendor" target="_parent">
				<table style="width: 50%; border: 5px #aba groove;" align="center"><tr style="background-color: #77C48E;" align = "center"><th colspan=2>Add a New Vendor</th></tr>	
				<tr><td style="width:50%" align ="right"><p>Vendor Name: </p></td><td align="left"><input name="vendors" type="text" /></td></tr>
				<tr><td colspan ="2" align ="center"><input name="vendor" type="submit" value="Add Vendor" /></td></tr></table></form></div>';
		}
		else echo "Managers Only!";
            
?>
  <!-- end #mainContent --></div>
<?php include('includes/footer.php'); ?>
<!-- end #container --></div>
</body>
</html>
